Basic Information Security Policies

TOIN Corporation (hereinafter “TOIN”) handles information assets through its translation service business and other operations. In order to protect the information assets handled in all of TOIN’s business areas from every possible threat and appropriately maintain their confidentiality, integrity, and availability, we have established rules in compliance with the content of the JISQ27001:2014 (ISO/IEC 27001 (ISMS):2013) Information Security Management System Requirements and an internal organization to administer those rules as an “Information Security Management System.” TOIN will continue a course of action within the Information Security Management System for the purpose of achieving the appropriate handling and management of information assets and providing a sense of trust and security to all TOIN stakeholders.

1. Definition of information security

TOIN defines information security as the maintenance of confidentiality, integrity, and availability with respect to information assets.

2. Risk assessment

TOIN will identify the projected information security risks for the handling of the information assets in its possession in accordance with the procedure established by internal company rules, analyze and evaluate the causes of recognized risks, and determine the optimal measures to improve and enforce operational handling procedures. TOIN will mitigate the identified risks to a level of risk which does not exceed a level that is acceptable to TOIN through the enforcement of risk measures.

3. Compliance with legal and contractual security obligations

TOIN will comply with information security related laws and ordinances, regulations, confidentiality from stakeholders, and other requirements in the operation of the “Information Security Management System” and fulfill its social responsibility through appropriate information security management.

4. Information security education and training

TOIN will make all employees involved in operations recognize the importance of information security while also raising awareness and providing the necessary education and training for the proper use of information assets.

5. Business Continuity Planning

In order to cope with a disruption of business activities due to a critical information system failure or the impact of a natural disaster, TOIN will enact a business continuity plan and carry out tests and evaluations of that plan.

6. Information security incidents

TOIN will implement preventive measures to prevent an information security incident. Moreover, in the event that such an incident should occur, TOIN will implement corrective measures to minimize the impact through an investigation of the causes and a rapid response.

TOIN hereby declares that it shall implement information security based on the policies described above.

Date enacted: June 30, 2021

TOIN Corporation

Representative Director and Chairman Ryusuke Okada